mirror of
https://git.code.sf.net/p/seeddms/code
synced 2024-10-04 15:12:30 +00:00
Merge branch 'seeddms-5.1.x' into seeddms-6.0.x
This commit is contained in:
Uwe Steinmann
commit
dc6b153df8
|
|
@ -3286,7 +3286,15 @@ class SeedDMS_Core_DMS {
|
|||
* @return string|boolean hash value of false in case of an error
|
||||
*/
|
||||
function createPasswordRequest($user) { /* {{{ */
|
||||
$hash = md5(uniqid(time()));
|
||||
$lenght = 32;
|
||||
if (function_exists("random_bytes")) {
|
||||
$bytes = random_bytes(ceil($lenght / 2));
|
||||
} elseif (function_exists("openssl_random_pseudo_bytes")) {
|
||||
$bytes = openssl_random_pseudo_bytes(ceil($lenght / 2));
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
$hash = bin2hex($bytes);
|
||||
$queryStr = "INSERT INTO `tblUserPasswordRequest` (`userID`, `hash`, `date`) VALUES (" . $user->getId() . ", " . $this->db->qstr($hash) .", ".$this->db->getCurrentDatetime().")";
|
||||
$resArr = $this->db->getResult($queryStr);
|
||||
if (is_bool($resArr) && !$resArr) return false;
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@
|
|||
<notes>
|
||||
- fix SeedDMS_Core_User::getDocumentContents()
|
||||
- fix SeedDMS_Core_File::fileExtension()
|
||||
- SeedDMS_Core_DMS::createPasswordRequest() creates a cryptographically secure hash
|
||||
</notes>
|
||||
<contents>
|
||||
<dir baseinstalldir="SeedDMS" name="/">
|
||||
|
|
|
|||
|
|
@ -695,7 +695,7 @@ function formatComment($an) { /* {{{ */
|
|||
* @param string $command The command to check
|
||||
* @return bool True if the command has been found ; otherwise, false.
|
||||
*/
|
||||
function commandExists ($command) {
|
||||
function commandExists ($command) { /* {{{ */
|
||||
$whereIsCommand = (PHP_OS == 'WINNT') ? 'where' : 'command -v';
|
||||
|
||||
$process = proc_open(
|
||||
|
|
@ -718,7 +718,7 @@ function commandExists ($command) {
|
|||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
} /* }}} */
|
||||
|
||||
/**
|
||||
* Send a file from disk to the browser
|
||||
|
|
@ -880,6 +880,23 @@ function createNonce() { /* {{{ */
|
|||
return base64_encode($bytes);
|
||||
} /* }}} */
|
||||
|
||||
/**
|
||||
* Create a real uniqid for cryptographic purposes
|
||||
*
|
||||
* @ return string
|
||||
*/
|
||||
function uniqidReal($lenght = 13) {
|
||||
// uniqid gives 13 chars, but you could adjust it to your needs.
|
||||
if (function_exists("random_bytes")) {
|
||||
$bytes = random_bytes(ceil($lenght / 2));
|
||||
} elseif (function_exists("openssl_random_pseudo_bytes")) {
|
||||
$bytes = openssl_random_pseudo_bytes(ceil($lenght / 2));
|
||||
} else {
|
||||
throw new Exception("no cryptographically secure random function available");
|
||||
}
|
||||
return substr(bin2hex($bytes), 0, $lenght);
|
||||
}
|
||||
|
||||
/**
|
||||
* Compare function for sorting users by login
|
||||
*
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ include("../inc/inc.Extension.php");
|
|||
include("../inc/inc.DBInit.php");
|
||||
include("../inc/inc.ClassSession.php");
|
||||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.ClassEmailNotify.php");
|
||||
//include("../inc/inc.ClassEmailNotify.php");
|
||||
|
||||
include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc";
|
||||
|
||||
|
|
|
|||
|
|
@ -206,7 +206,8 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
|
|||
*/
|
||||
function reverseLookup($path) /* {{{ */
|
||||
{
|
||||
$path = rawurldecode($path);
|
||||
// do not use rawurl[de|en]code anymore, search for rawurlencode
|
||||
// $path = rawurldecode($path);
|
||||
if($this->logger)
|
||||
$this->logger->log('reverseLookup: path='.$path.'', PEAR_LOG_DEBUG);
|
||||
|
||||
|
|
@ -384,8 +385,8 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
|
|||
array_shift($patharr);
|
||||
$path = '';
|
||||
foreach($patharr as $pathseg)
|
||||
$path .= '/'.rawurlencode($pathseg->getName());
|
||||
// $path .= '/'.$pathseg->getName();
|
||||
// $path .= '/'.rawurlencode($pathseg->getName());
|
||||
$path .= '/'.$pathseg->getName();
|
||||
if(!$path) {
|
||||
$path = '/';
|
||||
$info["props"][] = $this->mkprop("isroot", "true");
|
||||
|
|
@ -407,9 +408,8 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
|
|||
array_shift($patharr);
|
||||
$path = '/';
|
||||
foreach($patharr as $pathseg)
|
||||
$path .= rawurlencode($pathseg->getName()).'/';
|
||||
// $path .= $pathseg->getName().'/';
|
||||
// $info["path"] = htmlspecialchars($path.rawurlencode($obj->getName()));
|
||||
// $path .= rawurlencode($pathseg->getName()).'/';
|
||||
$path .= $pathseg->getName().'/';
|
||||
if($this->useorgfilename) {
|
||||
/* Add the document id and version to the display name.
|
||||
* I doesn't harm because for
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user